Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin No Follow All External Links Spam Injection (2.3.0)

Description

WordPress Plugin No Follow All External Links is injecting spam into the website's content, thus publicizing content to normal site visitors or to search engines without the authorization of the website's owner. WordPress Plugin No Follow All External Links version 2.3.0 is vulnerable; prior versions may also be affected.

Remediation

Disable the plugin until a fix is available

References

https://www.wordfence.com/blog/2017/12/plugin-backdoor-supply-chain/

Related Vulnerabilities

WordPress Plugin Newsletter Subscription Form Possible Remote Code Execution (1.1.2)

Moodle Other Vulnerability (CVE-2006-4784)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-2922)

phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-5502)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-2488)

Severity

High

Classification

CWE-610 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update